WhatsApp Image 2025-10-06 at 13.04.11

From Uncertainty to Resilience: DPI at the Digital Immersion at FIFAfrica25

by Digital SecurityDigital Security

This September, Defenders Protection Initiative (DPI) proudly joined digital rights defenders, technologists, and changemakers from across Africa and beyond at #FIFAfrica25 in Windhoek, Namibia. But this wasn’t your typical conference, it was an immersive journey through the digital challenges facing human rights defenders today.

CIPESA’s Internet Freedom Maze turned abstract cybersecurity concepts into visceral, first-hand experiences. DPI was honored to take part in two critical spaces within this experience:

  • Zone 1 – The Trap of Uncertainty, and
  • The Digital Security Citadel, a live, hands-on tech corner of the exhibition.

Zone 1: Phishing, Power, and Practicality

At the heart of the maze stood Zone 1: The Trap of Uncertainty where participants were confronted with a question we all should ask more often:
“Am I truly safe online?”

DPI’s Communications Executive, Noelyn Nassuna, alongside Ogira Charles Donaldson, a member of the Digital Security Alliance hosted by DPI, led this space with thought-provoking simulations and real-time awareness-building. They guided participants through phishing simulations where QR codes led to realistic scam scenarios. It was a mirror into our digital behaviors forcing participants to pause, reflect, and often, realize they weren’t as secure as they thought.

To support learning beyond the simulation, DPI distributed custom-designed IEC materials, including ring cards with easy-to-understand security tips, tool recommendations, and practical digital hygiene reminders. These materials proved to be not just souvenirs but starter kits for better online habits.

At the Citadel: DPI’s Digital Doctors in Action

While Zone 1 tested instincts, the Digital Security Citadel gave participants tools and knowledge to strengthen those instincts.

Here, DPI’s Fred Drapari (ICT Executive) joined a team of digital security “doctors” including:

  • Gole Andrew, who impressively rode a motorcycle all the way from Uganda to Namibia in the name of digital resilience,
  • Hapee De Groot, a long-time digital security ally whose practical support and insight added great value,
  • Brian Byaruhanga from CIPESA, and
  • Several other seasoned practitioners from the Digital Security Alliance.

The Citadel offered:

  • Hands-on demos of Microsoft Office security settings
  • Guided installs and education around tools like Kaspersky antivirus, Bitdefender Security among others
  • Walkthroughs of encrypted messaging, password management, and 2FA
  • A rerun of the phishing simulation for those who missed Zone 1 or wanted to try again

It wasn’t just a tech station, it was a real-time consultation corner where participants could ask, test, fail, learn, and try again.

Building Connections Beyond the Booth

FIFAfrica25 wasn’t only about simulation and tech it was about connection and collaboration.

At both the Maze and the Citadel, DPI engaged with:

  • Funders and donor agencies interested in expanding the reach of digital protection work
  • Civic actors and journalists facing similar threats across the continent
  • Techies and tool builders contributing to the ecosystem of safe digital activism

From spontaneous hallway conversations to deeply technical Citadel demos, every interaction reinforced a shared vision: digital resilience is no longer optional – it’s essential.

What We’re Taking Home

As DPI returns home from Windhoek, we do so with renewed clarity and purpose. We plan to:

  • Expand the phishing simulation quiz into a broader campaign across civil society and media spaces
  • Print more of our IEC ring cards for wider distribution
  • Integrate new toolkits and tactics into our ongoing Digital Security Clinics and Bootcamps
  • Strengthen our collaborations with fellow Digital Security Alliance members and regional partners

FIFAfrica25 reminded us that defending the defenders is not just a slogan: it’s a strategy that requires tools, creativity, and deep community.

Want to Connect?

📸 Check out snapshots from our booth, materials, and the simulation challenge on our page:
https://twitter.com/defprotection

Let’s keep the digital resistance alive – one safe click at a time.

#FIFAfrica25 #DigitalResilience #InternetFreedom #PhishingAwareness #Zone1 #DigitalSecurityCitadel #DigitalImmersion

 

U.S. Ruling on NSO Sends Warning as Pegasus Targets Ugandan Journalists

by AdvocacyDigital SecurityDigital SecurityResearch

By Noelyn Nassuuna | 8 May 2025

In a historic decision on May 6, 2025, a U.S. jury in California ordered NSO Group to pay $168 million in damages for deploying its Pegasus spyware to hack WhatsApp’s infrastructure. This unprecedented verdict—$447,719 in compensatory damages and over $167 million in punitive damages—marks the first time the notorious Israeli spyware company is held financially accountable in court for its hacking operations.

This ruling is a major victory for global digital rights defenders and a critical warning to companies enabling unlawful surveillance. For years, NSO Group’s Pegasus spyware has been linked to grave human rights violations, including the targeting of journalists, activists, and dissidents worldwide. Meta, the parent company of WhatsApp, pursued a six-year legal battle to expose these abuses and protect its users. The judgment follows a landmark January 2025 summary ruling that found NSO guilty of violating U.S. and California hacking laws and breaching WhatsApp’s Terms of Service.

“This verdict sends a clear message to spyware companies that targeting people through U.S.-based platforms will come with a high price,” said Michael De Dora, U.S. Policy and Advocacy Manager at Access Now.

But while the courtroom victory occurred in the United States, its impact reverberates far beyond. Just days before the judgment, Ugandan investigative journalist Canary Mugume took to X (formerly Twitter) to reveal that Pegasus spyware had attempted to infiltrate his device. His post sent shockwaves through Uganda’s media and civil society sectors, especially as the nation edges closer to its 2026 general elections.

This is not the first time Pegasus has been used to target journalists globally. In Uganda, such incidents signal a chilling escalation in the digital threats facing the press. The implications are grave: surveillance software like Pegasus doesn’t just spy on individuals—it compromises entire newsrooms, sources, and the right to information.

“Apple sent this notification to me indicating that I am being targeted by a mercenary spyware. Most of these are used by Governments to hack into phones of journalists, high-profile figures and activists. They last sent this in 2021, there’s a pattern – electoral season.”

In past years, several journalists and human rights defenders in Uganda have reported suspicious digital intrusions, but rarely with hard evidence pointing to a tool as sophisticated and invasive as Pegasus. The spyware is known for its ability to silently infiltrate phones, access messages, camera, microphone, and more—all without the user’s knowledge.

At Defenders Protection Initiative (DPI), we continue to raise alarm and awareness over the growing use of surveillance technologies to intimidate, silence, or endanger the work of journalists, activists, and civil society organizations. The risks are particularly heightened during politically sensitive periods such as elections, where access to reliable information and protection of press freedom are critical for democratic integrity.

The recent U.S. court ruling is a reminder: accountability is possible. It is also a call to action for governments, tech companies, and civil society in Uganda and across Africa to:

  • Strengthen digital security protocols for journalists and human rights defenders
  • Demand transparency and oversight over surveillance technologies
  • Challenge spyware vendors through legal, policy, and public channels

We stand in solidarity with journalists like Canary Mugume and urge all media professionals to report digital threats and seek expert support. DPI remains committed to supporting journalists and human rights defenders through digital security trainings, emergency response, and legal support.

As elections approach, the protection of digital rights is not just a tech issue—it is a human rights imperative.

1697312026600

Investing in Women’s Safety and Security

by AdvocacyDigital SecurityDigital SecuritySecurity

We hope you were celebrated or honored by the women in your life, and we encourage you to continue this appreciation beyond Women’s Day.

Speaking of Women’s Day, this year’s theme, “Invest in Women: Accelerate Progress,” underscores the critical need for increased financing in gender equality efforts, including funding gender-responsive, green energy initiatives, and support for female and feminist changemakers.

These challenges notwithstanding, as experts in the fields of security, safety, and human rights, we have witnessed firsthand how the unique security risks and threats faced by women impede progress not only toward achieving equity but also in improving their overall quality of life.

Here are four impactful ways in which we can invest in women to accelerate progress through enhanced security and safety measures.

Enhancing  Responsiveness of Security and Justice Institutions 

According to a 2020 Violence Against Women and Girls Survey (VAWG) conducted by UBOS, a staggering 95% of women surveyed reported experiencing physical and sexual violence. Shockingly, only 45% of those who had experienced intimate partner physical and sexual violence chose to report it, primarily due to a deep-seated mistrust in the judicial system.

Despite efforts such as the establishment of Gender-Based Violence help desks by Uganda Police, significant gaps remain in addressing these issues effectively. There is an urgent need to bolster the responsiveness of law enforcement and judicial institutions in apprehending and prosecuting perpetrators. Strengthening these mechanisms is crucial in not only delivering justice to survivors but also contributing significantly to deterring future occurrences.

GBV Toll Free Helpline 0800199195

Support, NOT Survivor Blaming

The UBOS survey also revealed that the other reasons why women opted not to report physical/sexual abuse were fear of being blamed for the incidents and the threat of continued abuse or worse consequences by their abusers if they spoke up.

In light of these distressing findings, it is clear that women who have endured abuse and violations, need tools and assistance to cope, recover, and pursue justice, to help them navigate these harrowing experiences and gradually rebuild a sense of safety and stability in their lives. This can be informed by psychosocial support or training in basic self-defense skills among others.

Equipping Women with Knowledge and Skills to Navigate the Evolving Digital Landscape

In today’s rapidly evolving digital world, it’s crucial to empower women with the necessary knowledge and skills to navigate cyberspaces safely. This includes providing them with the tools to prevent, recognize, and respond to cyber-attacks effectively. Explore our website for digital security support options/offerings.

As more aspects of our lives move online, women are increasingly vulnerable to various forms of digital abuse, including hacking, cyberbullying, harassment, and online stalking. By skilling women in cybersecurity and digital safety, we can empower women to protect themselves against such threats and confidently engage in online activities.

Investing in Gender-Inclusive Tech for Safety and Security 

By allocating resources toward the creation and refinement of tech tools tailored to women’s needs, we can address existing safety concerns and foster a more inclusive digital environment. 

Here are a few we like; digitalsafetea.com safebangle.org bitdefender.com 

For blog article

Data Privacy and Protection: Essential Insights for NPOs.

by AdvocacyBusinessDigital SecurityDigital Security

Like other organisations/companies, Non-Profit Organisations (NPOs) collect and utilise data from their program participants, partners or donors. It is therefore imperative that they prioritize data privacy and protection.

Data privacy and protection essentially entail safeguarding sensitive personally identifiable information, covering data collection, storage, and organizational use. Data collected by NPOs may include details such as names, addresses, emails, and financial information. 

Here are key insights for NPOs as they navigate the landscape of data privacy and protection.

Why Data Privacy and Protection?

Data protection and privacy aren’t just checkboxes for NPOs; failure to safeguard sensitive information can lead to severe consequences, posing significant risks to organisations.

Loss of Data

Losing valuable data can be detrimental to an NPO’s operations. Whether it’s program participant information, donor records, or financial data, the loss of such information can disrupt essential activities and hinder effective decision-making. Additionally, recovering lost data can be a time-consuming and costly process. 

Financial Loss

Data breaches can lead to financial losses. NPOs may face financial liabilities associated with rectifying the situation. This could include expenses related to legal actions, regulatory fines, or compensating affected individuals. By implementing robust data protection measures, the risk of financial loss can be minimised and resources can be allocated to their core mission.

Damage to Reputation

NPOs and civil society organizations in general rely heavily on the trust and support of their stakeholders, including donors, partners, and the civil society at large. A data breach or mishandling of sensitive information can severely damage their reputation. Negative publicity, loss of trust, and public scrutiny can have long-term consequences. 

What to Do: Take Action

Digital Security

One of the primary steps in ensuring data protection is to prioritize digital security—measures to secure all data collected, processed, or stored electronically. This includes implementing robust firewalls, encryption techniques, and access controls to prevent unauthorized access or damage to sensitive information. Regularly updating security software and conducting vulnerability assessments can help identify and address any potential vulnerabilities in the organization’s systems. Additionally, establishing strong internal policies and educating staff about cybersecurity best practices can significantly enhance data protection.

Transparency

It is crucial to provide data subjects with enough information to make informed decisions about the data collected from them to obtain informed consent. This includes being transparent about the purpose of data collection, how it will be used, and whether it will be shared with any third parties. This can be achieved through clear and concise privacy policies, consent forms, and opt-in mechanisms. 

Compliance

Compliance with relevant data privacy and protection laws can minimise the risk of legal consequences and demonstrate their commitment to protecting individuals’ privacy.

The Personal Data Protection and Privacy Act 2019, spells out specific regulations on data handling. It may also be helpful for NPOs to familiarise themselves with international laws, such as the General Data Protection Regulation (GDPR), to stay informed about how data may be used by third parties operating under EU jurisdiction. This also ensures that they (NPOs) handle data from the same jurisdiction in a way that aligns with the required standards.

Where To Start: Available Resources 

  • At DPI, we provide training and capacity building in data privacy and protection specifically tailored for NGOs. Feel free to reach out to us here for assistance.
unnamed (3)

The Strength of Strategic Coalitions: Showcasing the Impact of the Digital Security Alliance and NPO Coalition on FATF.

by AdvocacyAML/CTFCivic SpaceDigital SecurityDigital SecurityFATF

The pivotal role played by strategic coalitions in advancing our mission cannot be overstated. This month we highlight key wins of the Digital Security Alliance (DSA) and the NPO Coalition on FATF, shedding light on their contributions to empowering Human Rights Defenders (HRDs) and cultivating supportive ecosystems.

Digital Security Alliance (DSA)

Digital Security Clinics:

Through our Digital Security Clinics, we have significantly extended our impact in fortifying the cybersecurity resilience of HRDs. This month’s focus was on empowering grassroots HRDs and CBOs, which are most burdened with emerging digital challenges such as limited access due to slow or no internet connectivity, data loss, and the absence of enabling ICT hardware and infrastructure, such as cell towers and computers.

The Digital Security Clinics successfully fortified the digital security capacity of civil society organizations (CSOs) in the Eastern subregion, including the Pallisa Civil Society Organization Network (PACONET), Public Affairs Center of Uganda (PACUganda), Soroti, the Kapchorwa Civil Society Organizations Alliance, and the Joshua’s Cheptegei Development Foundation.

DSA served as the official digital security partner for the 5th edition of the Human Rights Convention hosted by Chapter Four Uganda and the 5th Annual Women’s Week hosted by Uganda Women’s Network (UWONET). These workshops addressed multifaceted issues, including limited access, insufficient digital literacy, and socio-cultural barriers discouraging women’s engagement with ICT.

NPO Coalition on FATF

Global NPO Consultation on Recommendation 8

The Global NPO Coalition on FATF played a pivotal role in the success of the “Risk and Consequence: The Future of FATF Recommendation 8 for Financial Integrity and Civil Society” conference. This convening brought together policymakers, standard setters, financial institutions, nonprofit organizations (NPOs), multilateral organisations, academics, and think tanks, all of whom contributed their input to the revision of the FATF Recommendation 8.

Furthermore, the Coalition submitted recommendations to the FATF Public Consultation on revisions to Recommendation 8 and its Interpretive Note. The approved revised standard clarifies the application of the risk-based approach, acknowledges sectoral self-regulation measures, and explicitly states that NPOs should not be considered obliged entities.

As we reflect on the achievements of the Digital Security Alliance and NPO Coalition on FATF, we are inspired to continue fostering alliances, enhancing outreach, and creating lasting impacts on the front lines of advocacy. The journey toward safeguarding human rights defenders remains a collective endeavor, and we look forward to the shared progress that lies ahead.

For Blog.

Simple Digital Security Measures YOU Should Implement

by Digital SecurityDigital SecurityProjects/Our Work Section

As we end #CyberSecurityAwareness month, you have most likely consumed a wealth of information, including dos and don’ts, warnings, and cautionary tales. We understand that some of this content might appear complex or daunting to grasp. So here are a few straightforward yet highly impactful digital security measures that you can implement today to stay one step ahead in the realm of cybersecurity.

Securing Your Messages and Calls 

While most messaging platforms like Signal, WhatsApp, and Telegram offer end-to-end encryption for messages and calls, you can go a step further in fortifying the security of your communications by using Face ID or Finger Print Lock as an additional layer of protection from unauthorized access to your messages.

However, it is important to utilize this feature alongside a pattern unlock or PIN because once biometric data is compromised, it cannot be replaced.

For Apple users, it’s important to limit the scope of your messages and, if necessary, disable messages in iCloud for enhanced privacy and security. By doing this, you can restrict the synchronization of your messages to a single device, minimizing the risk of unauthorized access or data leaks.

Using  VPN for Secure Browsing

In Uganda, many of us primarily associate Virtual Private Networks (VPNs) with bypassing blocked social media platforms like Facebook. However, the utility of VPNs extends far beyond this. They add a crucial layer of security by encrypting your internet connection and shielding your online activities from prying eyes whether you are engaged in tasks within your Google Suite or conducting online banking transactions

Browsers like Opera and Tor come with a built-in VPN, eliminating the need to constantly toggle it on and off. 

Password and Pass-Keys Generators

Managing strong and unique passwords for all your online accounts can be a daunting task. Luckily, both the Play and App stores offer a password generator that can generate and save passwords for your multiple online accounts. However, exercise caution and use this feature on private computers only. Unauthorized access to your Google Account or Apple ID could lead to breaches of your other accounts.

Software Updates 

Downloading and installing software updates for your devices and the applications used on them is one of the simplest methods to maintain optimal digital security. These updates enable tech companies to fix any bugs and vulnerabilities in their products that could be exploited by hackers or malware. Don’t ignore that software update notification on your computer any longer!

By implementing these simple digital security measures, you can significantly enhance your online safety and protect your valuable information from potential threats. Remember to remain vigilant and enjoy secure browsing.

2nd

Harnessing the Potential of Collaboration and Partnerships for Social Impact

by AdvocacyAdvocacyAML/CTFCivic SpaceDigital SecurityDigital SecurityFATFLEDs ProtectionProjects/Our Work SectionRisk AssessmentSecurity

The significance of partnerships and collaborative efforts in advancing the goals and activities of civil society has become more evident than ever before. This month, we take a moment to reflect on the profound impact of collaboration and partnership in advancing our mandate.


Fostering Knowledge Exchange
In collaboration with the Civic Advisory Hub and the NPO Coalition on FATF – East and Southern Africa Chapter, we took a significant step forward in advocacy efforts for the adoption of a risk-based approach to the monitoring and legislation of NPOs in the context of countering terrorism financing.


During a successful webinar titled “Understanding NPO Risk Assessment on Terrorism Financing,” NPO leaders from the region shared their experiences, lessons learned, and criteria for NPO risk assessment working groups. Together, we explored the critical role that NGOs play in these assessments and discussed the essential qualities required for effective participation.


Empowering Communities through Digital Security: Our #RoadToFIFAfrica Journey
We embarked on an exhilarating regional campaign known as #RoadToFIFAfrica, spanning from Kampala to Nairobi, Mombasa, and culminating in Dar es Salaam. Throughout this journey, we actively connected with local communities, students, CBOs, and NGOs to address the vital topic of digital security. Our mission was clear: to equip individuals and organizations with essential digital security skills, provide them with valuable tools and knowledge, and empower them to navigate the digital world safely and confidently.


Championing Internet Freedom at FIFAfrica23
With support from CIPESA Uganda and in collaboration with Encrypt Uganda, and HRD Andrew Gole, our commitment to digital security extended to Africa’s largest gathering on Internet freedom, the Forum for Internet Freedom in Africa (#FIFAfrica23). Through the Digital Security Alliance, we extended digital security support to some of the brightest minds in Africa and worldwide, fueling their tireless efforts to safeguard internet freedom both on the continent and globally.


Multi-Sector Support and Collaboration
In addition to these dynamic initiatives, we maintain active engagement with key government ministries and agencies including the Financial Intelligence Authority (FIA) and the National Information Technology Authority (NITA-U) among others.


Our objective is to provide valuable sector insights and foster collaboration to create an enabling and supportive environment for Human Rights Defenders(HRDs) and activists. Through our regional “Talk To Your Regulator” sessions, we aim to strike a delicate balance between fostering compliance and preventing excessive regulation. We achieve this by creating awareness among NGOs about their legal compliance requirements and responsibilities while also engaging regulators on the unintended consequences that overly restrictive regulations can have on the sector. Our ultimate goal is to ensure that members of civil society can effectively fulfill their missions. This month’s engagement took place in Hoima, marking another milestone in this ongoing effort.


Suffice it to say that our journey this month underscores the power of collaboration and partnerships in driving transformative change and fostering social impact. Here’s to more partnerships and collaborations ahead.

Assessing The Levels of Risk

Assessing The Levels of Risk to Which Human Rights NGOs Were Exposed to After Adoption Of Technology Tools For Business Continuity

by AdvocacyDigital Security
Watch the Assesment Video Report
A week after the World Health Organisation (WHO) declared COVID 19 a global pandemic, Uganda registered its first case. A month later, the disease was widespread across the country, prompting the operationalization of WHOrecommended and Government-imposed emergency measures to contain the spread of the virus. These included partial and eventually total lockdowns, a ban on social gatherings of more than five people, the shutdown of public transport, air travel, and the closure of businesses except for vital sectors like food and health.
To ensure continuity of operations, NGOs, much like other businesses/organizations across the globe, had to heavily depend on digital tools to continue operations which led to the “Zoom-Era.” The era of working from home/remotely aided by digital applications like conferencing platforms like Zoom, which allows for up to 500 participants, voice, and video, messaging apps, and digital collaborative workspaces in the absence of offices and physical engagement.

For the highly tech-driven economies from the developed world, this transition was undoubtedly an inconvenient adjustment; unfortunately for developing countries like Uganda, with substantial deficiencies in ICT infrastructure, where only a sixth (1/6) of the population has access to the internet, and 36% of the non-internet users are digitally illiterate1, it was nothing short of a catastrophe.

The Not-for-profit sector was one of those hardest hit by this transformation since the bulk of their work entails awareness and capacity building engagements, socio-civic advocacy/activism, community meetings, and outreach. This study, therefore, sought to investigate the digital security risks associated with the adoption of technological tools given the human rights landscape in Uganda and against the backdrop of the COVID pandemic.

The study targeted 50 NGOs across the country. To obtain comprehensive data sets, it necessitated the selection of respondents from both frontline officers involved in implementing day-to-day activities of human rights NGOs and critical decision-makers such as Executive Directors, Program Managers, Department Heads and Advocacy Officers.

Guided by the research questions; “Did the adoption of digital platforms expose NGO to any cybersecurity-related challenges? Was the adoption of digital platforms effective in NGOs’ business continuity?” we were able to obtain the following evidence.

Watch the Assesment Video Report

Level of Exposure to Digital Tools Prior COVID 19

The research revealed that 50% of the respondents were moderately exposed to digital security tools before the COVID 19 lockdown. Frontline offices pointed out that their work primarily constituted physical engagements with their partners and beneficiaries, which limited the number of tech tools and frequency. The most commonly used digital tools were voice conferencing call facilities, voice over internet services like Skype, digital collaboration tools like Google Suite, Gmail, Google Drive, Google Meet, and Google Docs. Social media platforms including Facebook, Twitter, and YouTube. However, with the outbreak of COVID 19 and subsequent lockdown, NGOs had to adopt “new” tech tools and depend on the ones already in use more heavily to ensure business continuity. Respondents reported to have adopted video conferencing and collaboration platforms; Zoom, BlueJeans, Google Meet, Jitsi, KumoSpace, Microsoft Teams, and GoTo Meetings. These are mainly used to facilitate internal communication/conducting staff meetings (19%), communicate with participants (18%), conducting workshops (15%), communicating and liaising with donors (14%), and providing support to beneficiaries (14%)

Challenges Faced During and as a Result of Adopting Technological Tools

Facilitating business continuity, increasing efficiency, improving time management, and other benefits of tech mainstreaming notwithstanding, the adoption of tech tools was not without challenges. NGO heads reported internet interruptions as their biggest challenge. Interruptions were either unstable or, for the case of rural areas, non-existent networks—slow internet connections due to the minimal broadband coverage. 3G covers only 65% of the population, and LTE/4G covers only 17%.2 NGO staff in urban areas with access to 4G speeds that could support dataintensive apps like video conferencing tools were affected by the high cost of data. Individuals reported having spent on average 127,500 UGX per month purchasing internet data packages—a stretch for most middle seized NGOs without an internet budget big enough to cover 127,000 worth of data for each staff. The above interferences are compounded by frequent power cuts, which affect enabling ICT hardware and infrastructure such as the cell towers, desktops, MiFis, and modems.

Exposure to Digital Security Risks

Much like the COVID 19 pandemic, the adoption of tech tools and mainstreaming of ICT were novel. The timing and abrupt nature of the circumstances also did not allow for adequate preparation and training on using the digital tools and digital security concerns. These, therefore, paused unprecedented risks. 98% of the respondents reported having been exposed to some sort of digital security risk. Of the reported cases, we deduced that 52% of these were exposed to digital threats while using personal computers as opposed to the 48% who faced threats while using organization-provided computers. It was inferred from the findings that the organizations whose works centres on social development, justice, law and order, health, education, ICT, and accountability reported digital threats more frequently. However, this comes as no surprise, especially in the Ugandan context, whose civic environment is marred by intimidation, torture, and killing of social justice leaders, illegal detentions and evictions, and a restrictive legal framework, among others. However, the research findings highlighted the varying degree in threat level exposure as experienced by different genders and reaffirmed the disproportionate impact of COVID 19 on women and children. This is evidenced by NGOs operating in the thematic area of Women’s rights and reporting the most frequent (26%) exposure to digital security risks from using technology tools adopted during COVID-19 lockdown.
Watch the Assesment Video Report

Forms of Digital Security Risks/ Threats

Service disruptions
0%
Online harassment
0%
Lack of privacy
0%
Malware
0%
Loss of data
0%
Unauthorized access to organizational documents
0%
After service disruptions (41%), online harassment (13%) was the second most frequent risk respondents reported to have been exposed to due to the adoption of technology tools during COVID-19 lockdown. Others included; online harassment (13%), lack of privacy (8%), malware (8%), loss of data (6%), and unauthorized access to organizational documents. (3%). Video Conferencing digital tools registered the highest incidences of exposure to digital security risks. Respondents reported multiple “Zoom bombing” incidents during which offensive or Not Safe For Work (NSFW) material was displayed during organizational meetings, hacking into video conference meetings by uninvited persons and impersonation.

Reporting and Resolution of Digital Security Incidents

The research also highlighted acute digital literacy levels and the urgent need for increased digital security support for NGOs. Of the 98% of respondents who reported exposure to digital risks, only 29% reported these exposures to their corporate ICT team, service provider, platform owner, or digital security group, the majority (70%) did not report these incidents primarily because they didn’t know that they could or because they did not know where to report.

Conclusion and Recommendations

While the adoption of new tech tools and increased digital streamlining in Human Rights Organisations was sparked by an emergency, the digital revolution has been growing and evolving over three decades and is here to stay. Pandemic or not, HROs, like other organizations, recognize the necessity of leveraging and repurposing digital tools for their work advocacy, service delivery, creative public demonstrations, and meeting emergent needs.
Additionally, it cannot be ignored that with the increased digitalisation are more significant digital threats both in terms of incidence and sophistication. With 98% of the respondents in this study indicating exposure to digital security risks and over 70% of these not reporting the incidents due to ignorance and absence of relevant digital security support, this demonstrates the vulnerabilities, threats, and risks HROs are potentially exposed to within the digital era
This study further exposes how the COVID-19 pandemic has exacerbated digital inequalities and widened the digital divide between rich and poor, urban and rural, and vulnerable and privileged—evidenced by limited access to the internet, digital differentiation, participation gaps, and usage gaps marking the challenges of digitally disadvantaged organizations or communities who cannot take advantage the internet and who are at greater risk of falling behind their digitally resourced counterparts.

Nevertheless, however startling the findings, there-in lies opportunities for HRDs and social activists to;

  • Fill the service provision gap in digital security awareness and digital literacy.
  • Advocacy on digital inequalities and the associated social inequalities.
  • Leverage/develop need-specific digital tools. Tailored to advancing and supporting the work and needs of HRDs in Uganda
    • DIGIsecCON21-banner_2_just

    Digital Security Conference (DigiSecCon21)

    by Digital Security

    Defenders Protection Initiative will bring together actors from civil society, the private sector, business leaders, government, academicians, technologists, activists, journalists and subject matter experts to tackle pressing issues at the intersection of human rights, technology and security.
    The Digital Security Conference is a premium convening for stakeholders from technological, business and civic arenas to discuss the challenges and opportunities in the promotion and advancement of human rights in a digital era.

    Contrary to the previous editions of the digital security conference, this year’s edition will be a hybrid with both online and physical locations. The programing for this year’s conference will deepen conversations on longstanding issues affecting access to the internet and information, freedom of expression and association, privacy, data protection, digital rights and inclusion. This year the conference is set to attract over 300 participants.

    The aim of the conference is to bring together different sector perspectives (e.g. education and social development, human rights, legal, health, ICT, finance, justice, law & order) to highlight the challenges, drivers and consequences of inequality in the age of digitalisation. In this context, we strive to identify viable solutions to ensure the creation of a self-determined society.

    Digitalisation has transformed the society we live in today: It has changed the way we communicate, learn, work, and live. Digital technologies provide access to information anytime and anywhere and promise to empower users around the world by delivering more and easier opportunities for transparency and social participation. Despite this potential, modern societies are increasingly witnessing a gaping chasm of inequality as social actors experience differential results of ubiquitous digitalisation around the world. Understanding and finding ways to solve this paradox is a primary motivation for the digital security Conference 2021.

    #DigiSecCon21

    DECODING FOUNDATIONAL INEQUALITIES IN A DIGITAL ERA

    Empowering civil society to challenge systemic exclusion

    Http and https security certificates vector illustration. Web browser protocols isolated icons

    SSL – What You Need to Know

    by Digital SecurityDigital SecurityWeb Applications

    We often hear about a padlock, green URL bar and several other ways people use to describe SSL. But the question would be, What really is SSL and how useful is to HRDs websites?

    What is Secure Sockets Layer (SSL)?

    SSL is a security protocol that assures users of the connection between their device and the website they are visiting. During a connection to a website so much information is shared between two computers (the visitor and there server for the website) including what may be highly confidential data such as credit card numbers, location data, user identification numbers or even passwords. Visitors have to make sure all the information passing is secure and not prompt to interception by third parties. This is why SSL has become a big deal in the cyber-powered world.

    In cases where there is no SSL, the information shared between these two computers often show up as plain text. Which means, if there were to be an adversary, they would basically see all the communication and in this case, data could be stolen. SSL prevents this by encrypting this communication.

    Why we need SSL?

    When a visitor goes to your website and sees that you have an SSL it builds an enormours level of trust, this shows your visitors that whatever their activity on your website is secure. This trust is of more importance if it includes transactional relationship; where money is involved.

    Even if not for transactional relationship, in the cyber-space of today “Data is the new Gold!” so That means everything we do online has to be secure.

    To have this level of trust and security for your visitors requires the one key means – SSL. Since they assure users that the connection they have to that website is safe. For the end user, all they need to verify this is a simple icon shown on their browser (The padlock).

    The padlock, or green padlock icon has become an assurance indicator to users that the website they are visiting takes their security seriously.

    In case you haven’t realized the importance of having your website secured with SSL because you do not handle sensitive financial-related data, it is time to shift away from that. As mentioned earlier, hackers in these digital age would go after any data transmitted on the internet especially other personal identifying information.

    Good enough, websites without SSL have been labelled “Insecure” some browsers show a red URL bar in order to protect and allow visitors to clearly identify these websites. Also, websites without SSL do not rank high on search engines as of today.

    We shall be writing on how SSL works and Types of SSL to choose out from in the near future.